Splunk Search results as CSV- python

poorni_p
Explorer

I am trying to get the results as a CSV file with the help of this page: https://www.splunk.com/blog/2011/08/02/splunk-rest-api-is-easy-to-use.html. I modified a few things and am successfully getting the session ID and SID, but I am getting the error below for the "Get the search status" query.

code:

    servicesSearchStatusSTR='/services/search/jobs/%s/' %sid
    isNotDone = True
    myhttp.add_credentials('username','pwd')
    while isNotDone:
        searchStatus = httplib2.Http(disable_ssl_certificate_validation=True).request(baseurl + servicesSearchStatusSTR,'GET', headers={'Authorization':'Splunk %s' % sessionkey},  body=urllib.parse.urlencode({'search':searchQuery}))[1]
        isDoneStatus = re.compile('isDone">(0|1)')
        print(isDoneStatus)
        isDoneStatus =isDoneStatus.search(searchStatus).groups()[0]\
        if(isDoneStatus == '1'):
                     isNotDone = False

    print("%s", isDoneStatus)

Error:

    Traceback (most recent call last):
      File "sample.py", line 46, in
        isDoneStatus =isDoneStatus.search(searchStatus).groups()[0]\
    TypeError: cannot use a string pattern on a bytes-like object

Please help me to resolve this error.


renjith_nair
Legend

@poorni_p,

searchStatus is an HTML response (a bytes-like object), and you need to convert it to a string before doing a regex search.

Try adding this to your code just below the searchStatus (line 5 in your code snippet):

    searchStatus = searchStatus.decode('utf-8')
---
What goes around comes around. If it helps, hit it with Karma 🙂
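
An added example, not part of any post in this thread: the status check from the question with the decode step applied, a clear error when the body has no `isDone` key (instead of calling `.groups()` on `None`), and a timeout on the polling loop. `fetch_status` is a hypothetical callable that performs the authenticated GET (with certificate validation left enabled) and returns the raw body; the sample bodies are constructed.

```python
import re
import time

# Constructed, trimmed job-status bodies (bytes, as httplib2 returns them).
SAMPLE_RUNNING = b'<entry><s:dict><s:key name="isDone">0</s:key></s:dict></entry>'
SAMPLE_DONE = b'<entry><s:dict><s:key name="isDone">1</s:key></s:dict></entry>'

IS_DONE_RE = re.compile(r'isDone">(0|1)')  # same pattern as in the question


def parse_is_done(body):
    """Return True if the job-status body reports isDone=1, False if 0."""
    # Decode first: a str pattern cannot be applied to a bytes body.
    text = body.decode("utf-8", errors="replace") if isinstance(body, bytes) else body
    match = IS_DONE_RE.search(text)
    if match is None:
        # E.g. an error or login page: fail loudly instead of using None.
        raise ValueError("response has no isDone key: %r" % text[:80])
    return match.group(1) == "1"


def wait_for_job(fetch_status, timeout=60.0, interval=1.0,
                 sleep=time.sleep, clock=time.monotonic):
    """Poll fetch_status() until the job is done; return the number of polls.

    fetch_status is a hypothetical callable returning the raw response body.
    """
    deadline = clock() + timeout
    polls = 0
    while True:
        polls += 1
        if parse_is_done(fetch_status()):
            return polls
        if clock() >= deadline:
            raise TimeoutError("search job not done after %.0f s" % timeout)
        sleep(interval)  # avoid hammering the REST endpoint


if __name__ == "__main__":
    bodies = iter([SAMPLE_RUNNING, SAMPLE_RUNNING, SAMPLE_DONE])
    print(wait_for_job(lambda: next(bodies), interval=0))
```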


eavent_splunk
Splunk Employee

I'm not a Python expert, but from my testing on Python 2.7 I think you might just have to remove the backslash at the end of this line:

    isDoneStatus =isDoneStatus.search(searchStatus).groups()[0]\
